Smart cards are plastic cards having an embedded Integrated Circuit (IC). That IC may be a logic circuit with its associated memories or a microcontroller with its associated memories and software, or a microcontroller with its associated memories and software coupled to a custom circuit block or interface.
To use the computing power of the IC, a smart card makes use of a full set of packaging technologies. For example, the die size varies from 1 mm² to 30 mm², but is limited because of the mechanical limitations imposed by the plastic construction of the smart card. The IC is attached to a lead frame and wire-bonding techniques are used to connect the IC pads to the lead frame contacts. Potting or other strengthening methods can be used to protect the IC against the chemical and mechanical stresses that occur during manufacturing and that are a part of everyday usage of a smart card. Eight contacts are typically located on one side of the card. The smart card performs transactions with a smart card reader using a serial protocol. The mechanical and electrical specifications for a smart card are published by the International Standard Organization (ISO) as ISO7816-X standards, which have allowed the simple and mass-produced magnetic stripe cards to evolve toward the smart card. This natural evolution has allowed smart cards, depending on the IC complexity, of course, to perform pre-paid accounting, cryptographic schemes, personal authentication using a PIN code, biometrics, and Java scripts, for example.
ISO documents ISO 7816-1 Physical Characteristics, ISO 7816-2 Dimensions and Locations of the contacts, ISO 7816-3 Electronic signals and transmission protocols, ISO 7816-4 Interindustry Commands for Interchange, and ISO 7816-10 Electronic signals and answer to reset for synchronous cards are incorporated herein by reference.
In operation, smart card readers are recognized by the reader infrastructure or a host computer prior to performing any transaction involving a smart card. The infrastructure runs an application involving the smart card. The half duplex protocol between the smart card and the smart card reader, in which either the smart card sends information to the smart card reader or vice versa, cannot start until a smart card is in place and detected by the smart card reader. The infrastructure manages authentication or transactions for pre-paid cards in public telephony, for Bankcards in Point-of-Sale (POS) terminals and Automatic Teller Machines (ATM), for Pay TV providers in set top boxes, and for wireless telecom operators in Subscriber Identification Modules (SIM) used in Global System for Mobile (GSM) terminals. Except for SIM cards, all other smart card reader applications use a physical sensor to detect the smart card. This sensor tells the smart card reader when a smart card is in place, i.e., when the smart card lead frame contacts mate with the smart card reader contacts.
When the smart card reader has established that a smart card is in place, a power-up sequence begins. After this power-up sequence has finished, the smart card reader typically provides a clock to the smart card and releases a reset signal. The smart card then executes its stored Operating System (OS). The SIM card, on the other hand, is put in place only once, with the power off, and is used constantly after its positioning.
The first application for smart card technology was the public telephone system. The smart card die size was typically less than 1 mm², and only memories and logic circuits were integrated in the IC. The smart card reader used all eight contacts to interface properly with the different smart card generations. When the smart card was inserted in the payphone, the telephone infrastructure authenticated the smart card and the telephone removed “units” from the smart card.
The banking industry subsequently adopted smart cards. The die size was about 10 mm², and a microcontroller and its associated memories and software were integrated in the IC. The smart card reader used up to six contacts to interface properly with the different smart card generations. When a smart card was inserted in the ATM or the POS (point-of-sale), the smart card user was authenticated with a PIN code. The smart card could store different items, such as the balance of cash received from an ATM on a per week basis or details of purchases since a last closing date. Based on this information, authorization could be issued on the spot once the PIN had authenticated the debtor. This was accomplished without telephone calls to the bank.
Another application for smart cards has been developed by GSM manufacturers. The die size in a SIM is about 30 mm², and a microcontroller and its associated memories and software are integrated in the IC. The SIM reader uses five contacts to interface properly with the smart card. The more sophisticated smart card applications are performed in GSM using Java applets.
A new market for the smart card has emerged with the growth of the internet accessed from a personal computer. Secure messaging, Public Key Infrastructure, Authentication and Electronic Payment are new smart card areas of interest. The smart card acts as an e-commerce facilitator. One advantage of a smart card compared to other solutions is that the smart card PIN is located in its memory and is never communicated in any transaction.
Presently, a smart card is inserted into a smart card reader connected to a host computer. Two protocols are involved in supporting transactions between the smart card and host computer. The first protocol complies with ISO-7816-3, which provides detailed requirements for the serial interface between the smart card and the smart card reader. The reader is connected to the computer via a serial port, a parallel port, or the Universal Serial Bus (USB), using a second protocol. The smart card reader contains electronic circuits and embedded software that enable communication between the smart card using the first protocol and the host computer using the second protocol. The host computer is loaded with any appropriate drivers to support the smart card reader.
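On the ISO 7816-3 serial interface described above, the first bytes a reader receives after releasing reset are the card's Answer to Reset (ATR), and the reader's embedded software has to treat them as untrusted input from whatever was inserted. The following is an added example, not part of the original text, of a strict ATR parser; the ATR layout is taken from ISO 7816-3, and the names parse_atr and ATRError and the sample byte strings are constructed for illustration.

```python
# Added example (not from the original text): strict ISO 7816-3 ATR validation.
from functools import reduce


class ATRError(ValueError):
    """Raised when the card's Answer to Reset is malformed."""


def parse_atr(atr: bytes) -> dict:
    # TS plus at most 32 further characters; any other length is rejected.
    if not 2 <= len(atr) <= 33:
        raise ATRError("bad ATR length")
    if atr[0] not in (0x3B, 0x3F):            # TS (decoded): direct / inverse
        raise ATRError("unknown TS byte")
    y, k = atr[1] >> 4, atr[1] & 0x0F         # T0: Y1 bitmap, historical count
    pos, i, iface, protocols = 2, 1, {}, []
    while True:
        for bit, name in ((1, "TA"), (2, "TB"), (4, "TC"), (8, "TD")):
            if y & bit:
                if pos >= len(atr):           # byte announced but never sent
                    raise ATRError("truncated interface bytes")
                iface[f"{name}{i}"] = atr[pos]
                pos += 1
        if not y & 8:                         # no TDi: interface bytes end here
            break
        y, t = iface[f"TD{i}"] >> 4, iface[f"TD{i}"] & 0x0F
        protocols.append(t)
        i += 1
    if pos + k > len(atr):
        raise ATRError("truncated historical bytes")
    historical, pos = atr[pos:pos + k], pos + k
    if any(t != 0 for t in protocols):        # TCK is sent unless only T=0 is offered
        if pos >= len(atr):
            raise ATRError("missing TCK")
        if reduce(lambda a, b: a ^ b, atr[1:pos + 1]) != 0:
            raise ATRError("TCK checksum mismatch")   # XOR of T0..TCK must be 0
        pos += 1
    if pos != len(atr):
        raise ATRError("unexpected trailing bytes")
    return {"convention": "direct" if atr[0] == 0x3B else "inverse",
            "interface": iface, "protocols": protocols or [0],
            "historical": historical}


# Constructed sample ATRs (not captured from real cards).
ATR_T0 = bytes.fromhex("3B 13 96 41 42 43")   # TA1 present, T=0 implied, no TCK
ATR_T1 = bytes.fromhex("3B 82 01 58 59 82")   # TD1 offers T=1, TCK = 0x82
```

A reader that rejects a malformed ATR at this point never sizes a buffer or selects a protocol from length and bitmap fields the card failed to back up with data.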
Many countries have begun to use the smart card in the PC environment. The die size used in these applications ranges from 5 mm² to 30 mm² and the microcontroller and its associated memories and software are integrated in the IC typically with a cryptocontroller. Sometimes, a bio-sensor is integrated. The smart card reader uses at least five contacts to interface properly with the smart card in these applications.
Since the late 1990s, the universal serial bus (USB) has become firmly established and has gained wide acceptance in the PC marketplace. The USB was developed in response to a need for a standard interface that extends the concept of “plug and play” to devices external to a PC. It has enabled users to install and remove external peripheral devices without opening the PC case or removing power from the PC. The USB provides a low-cost, high-performance, half-duplex serial interface that is easy to use and readily expandable.
USB uses four wires. The power supply is carried with two wires (VBus and ground), and data is carried with the other two wires (D+, D−). The latest version of the USB is currently defined by the Universal Serial Bus Specification Revision 2.0, written and controlled by USB Implementers Forum, Inc., a non-profit corporation founded by the group of companies that developed the USB Specification.
In particular, Chapter 5 USB Data Flow Model, Chapter 7 Electrical, Chapter 8 Protocol Layer and Chapter 9 USB Device Framework of Universal Serial Bus Specification are incorporated herein by reference. The increasingly widespread use of the USB has led smart card reader manufacturers to develop USB interfaces for connection of their products to host computers to complement the existing serial and parallel interfaces.
It is also possible to use smart cards as security devices. For example, it may be possible to use a smart card for securing e-mails. At the present time, there are many solutions for securing e-mails. Some products are free and others are commercial software products, which all allow users to encrypt their e-mails. With a software solution, however, keys are required to be stored on the machine on which they are used. This is an important problem in terms of security, because if anybody hacks the personal computer on which the keys are stored, confidentiality is no longer guaranteed.
Some hardware solutions use traditional smart cards along with the personal computer. This allows a user to encrypt the e-mail through a secure device and generally requires a proprietary piece of software on the PC to perform an encryption using the smart card device. This type of solution works only if proprietary software is available. This is problematic when people move from one personal computer to another personal computer or move between offices, sites or between the home and office or other locations.